Lucene search

TalosCVELIST:CVE-2023-48270

HistoryJul 08, 2024 - 3:22 p.m.

CVE-2023-48270

2024-07-0815:22:28

CWE-121

talos

www.cve.org

realtek

buffer overflow

boa formdnsv6

network requests

arbitrary code execution

attacker

vulnerability

sequence of requests

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.4%

JSON

A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "LevelOne",
    "product": "WBR-6013",
    "versions": [
      {
        "version": "RER4_A_v3411b_2T2R_LEV_09_170623",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Realtek",
    "product": "rtl819x Jungle SDK",
    "versions": [
      {
        "version": "v3.4.11",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1876

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.4%

JSON

Related for CVELIST:CVE-2023-48270